GNUnet 0.26.0
 
Loading...
Searching...
No Matches
Data Structures | Macros | Functions
gnsrecord_crypto.c File Reference

API for GNS record-related crypto. More...

#include "platform.h"
#include "gnsrecord_crypto.h"
Include dependency graph for gnsrecord_crypto.c:

Go to the source code of this file.

Data Structures

struct  KeyCacheLine
 Line in cache mapping private keys to public keys. More...
 

Macros

#define LOG(kind, ...)   GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)
 
#define CSIZE   64
 

Functions

static ssize_t ecdsa_symmetric_decrypt (const void *block, size_t size, const unsigned char *key, const unsigned char *ctr, void *result)
 
static ssize_t ecdsa_symmetric_encrypt (const void *block, size_t size, const unsigned char *key, const unsigned char *ctr, void *result)
 
static enum GNUNET_GenericReturnValue eddsa_symmetric_decrypt (const void *block, size_t size, const unsigned char *key, const unsigned char *nonce, void *result)
 
static enum GNUNET_GenericReturnValue eddsa_symmetric_encrypt (const void *block, size_t size, const unsigned char *key, const unsigned char *nonce, void *result)
 
void GNR_derive_block_aes_key (unsigned char *ctr, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Derive session key and iv from label and public key.
 
void GNR_derive_block_xsalsa_key (unsigned char *nonce, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Derive session key and iv from label and public key.
 
static ssize_t block_get_size_ecdsa (const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
 
static enum GNUNET_GenericReturnValue block_sign_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, const char *label, struct GNUNET_GNSRECORD_Block *block)
 
static enum GNUNET_GenericReturnValue block_sign_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, const char *label, struct GNUNET_GNSRECORD_Block *block)
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_sign (const struct GNUNET_CRYPTO_BlindablePrivateKey *key, const char *label, struct GNUNET_GNSRECORD_Block *block)
 Sign a block create with GNUNET_GNSRECORD_block_create_unsigned.
 
static enum GNUNET_GenericReturnValue block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **block, int sign)
 Sign name and records.
 
static ssize_t block_get_size_eddsa (const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
 
static enum GNUNET_GenericReturnValue block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **block, int sign)
 Sign name and records (EDDSA version)
 
ssize_t GNUNET_GNSRECORD_block_calculate_size (const struct GNUNET_CRYPTO_BlindablePrivateKey *key, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
 Get size of buffer for block creation.
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_BlindablePrivateKey *key, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result)
 Sign name and records.
 
static enum GNUNET_GenericReturnValue block_create2 (const struct GNUNET_CRYPTO_BlindablePrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result, int sign)
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_create_unsigned (const struct GNUNET_CRYPTO_BlindablePrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result)
 Create name and records but do not sign! Sign later with GNUNET_GNSRECORD_block_sign().
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_BlindablePrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result)
 Sign name and records, cache derived public key (also keeps the private key in static memory, so do not use this function if keeping the private key in the process'es RAM is a major issue).
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
 Check if a signature is valid.
 
static enum GNUNET_GenericReturnValue block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
 
static enum GNUNET_GenericReturnValue block_decrypt_eddsa (const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_CRYPTO_EddsaPublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_CRYPTO_BlindablePublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
 Decrypt block.
 
void GNUNET_GNSRECORD_query_from_private_key (const struct GNUNET_CRYPTO_BlindablePrivateKey *zone, const char *label, struct GNUNET_HashCode *query)
 Calculate the DHT query for a given label in a given zone.
 
void GNUNET_GNSRECORD_query_from_public_key (const struct GNUNET_CRYPTO_BlindablePublicKey *pub, const char *label, struct GNUNET_HashCode *query)
 Calculate the DHT query for a given label in a given zone.
 

Detailed Description

API for GNS record-related crypto.

Author
Martin Schanzenbach
Matthias Wachs
Christian Grothoff

Definition in file gnsrecord_crypto.c.

Macro Definition Documentation

◆ LOG

#define LOG (   kind,
  ... 
)    GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)

Definition at line 31 of file gnsrecord_crypto.c.

◆ CSIZE

#define CSIZE   64

Function Documentation

◆ ecdsa_symmetric_decrypt()

static ssize_t ecdsa_symmetric_decrypt ( const void *  block,
size_t  size,
const unsigned char *  key,
const unsigned char *  ctr,
void *  result 
)
static

Definition at line 34 of file gnsrecord_crypto.c.

40{
41 gcry_cipher_hd_t handle;
42 int rc;
43
44 GNUNET_assert (0 == gcry_cipher_open (&handle, GCRY_CIPHER_AES256,
45 GCRY_CIPHER_MODE_CTR, 0));
46 rc = gcry_cipher_setkey (handle,
47 key,
48 GNUNET_CRYPTO_AES_KEY_LENGTH);
49 GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
50 rc = gcry_cipher_setctr (handle,
51 ctr,
52 GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
53 GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
54 GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, block, size));
55 gcry_cipher_close (handle);
56 return size;
57}
key
struct GNUNET_HashCode key
The key used in the DHT.
Definition gnunet-dht-put.c:37
result
static int result
Global testing status.
Definition gnunet-regex-profiler.c:240
handle
static struct GNUNET_VPN_Handle * handle
Handle to vpn service.
Definition gnunet-vpn.c:35
GNUNET_CRYPTO_AES_KEY_LENGTH
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)
Definition gnunet_crypto_lib.h:111
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition gnunet_common.h:960
size
static unsigned int size
Size of the "table".
Definition peer.c:68

References GNUNET_assert, GNUNET_CRYPTO_AES_KEY_LENGTH, handle, key, result, and size.

Referenced by block_decrypt_ecdsa().

Here is the caller graph for this function:

◆ ecdsa_symmetric_encrypt()

static ssize_t ecdsa_symmetric_encrypt ( const void *  block,
size_t  size,
const unsigned char *  key,
const unsigned char *  ctr,
void *  result 
)
static

Definition at line 61 of file gnsrecord_crypto.c.

67{
68 gcry_cipher_hd_t handle;
69 int rc;
70
71 GNUNET_assert (0 == gcry_cipher_open (&handle, GCRY_CIPHER_AES256,
72 GCRY_CIPHER_MODE_CTR, 0));
73 rc = gcry_cipher_setkey (handle,
74 key,
75 GNUNET_CRYPTO_AES_KEY_LENGTH);
76 GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
77 rc = gcry_cipher_setctr (handle,
78 ctr,
79 GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
80 GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
81 GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, block, size));
82 gcry_cipher_close (handle);
83 return size;
84}

References GNUNET_assert, GNUNET_CRYPTO_AES_KEY_LENGTH, handle, key, result, and size.

Referenced by block_create_ecdsa().

Here is the caller graph for this function:

◆ eddsa_symmetric_decrypt()

static enum GNUNET_GenericReturnValue eddsa_symmetric_decrypt ( const void *  block,
size_t  size,
const unsigned char *  key,
const unsigned char *  nonce,
void *  result 
)
static

Definition at line 88 of file gnsrecord_crypto.c.

94{
95 ssize_t ctlen = size - crypto_secretbox_MACBYTES;
96 if (ctlen < 0)
97 return GNUNET_SYSERR;
98 if (0 != crypto_secretbox_open_detached (result,
99 ((unsigned char*) block)
100 + crypto_secretbox_MACBYTES, // Ciphertext
101 block, // Tag
102 ctlen,
103 nonce, key))
104 {
105 return GNUNET_SYSERR;
106 }
107 return GNUNET_OK;
108}
GNUNET_OK
@ GNUNET_OK
Definition gnunet_common.h:114
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition gnunet_common.h:112

References GNUNET_OK, GNUNET_SYSERR, key, result, and size.

Referenced by block_decrypt_eddsa().

Here is the caller graph for this function:

◆ eddsa_symmetric_encrypt()

static enum GNUNET_GenericReturnValue eddsa_symmetric_encrypt ( const void *  block,
size_t  size,
const unsigned char *  key,
const unsigned char *  nonce,
void *  result 
)
static

Definition at line 112 of file gnsrecord_crypto.c.

118{
119 if (size > crypto_secretbox_MESSAGEBYTES_MAX)
120 return GNUNET_SYSERR;
121 crypto_secretbox_detached (result + crypto_secretbox_MACBYTES, // Ciphertext
122 result, // TAG
123 block, size, nonce, key);
124 return GNUNET_OK;
125}

References GNUNET_OK, GNUNET_SYSERR, key, result, and size.

Referenced by block_create_eddsa().

Here is the caller graph for this function:

◆ GNR_derive_block_aes_key()

void GNR_derive_block_aes_key ( unsigned char *  ctr,
unsigned char *  key,
const char *  label,
uint64_t  exp,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Derive session key and iv from label and public key.

Parameters
ivinitialization vector to initialize
skeysession key to initialize
labellabel to use for KDF
pubpublic key to use for KDF

4 byte nonce

Expiration time 64 bit.

Set counter part to 1

Definition at line 129 of file gnsrecord_crypto.c.

134{
135 static const char ctx_key[] = "gns-aes-ctx-key";
136 static const char ctx_iv[] = "gns-aes-ctx-iv";
137
138 GNUNET_CRYPTO_kdf (key, GNUNET_CRYPTO_AES_KEY_LENGTH,
139 ctx_key, strlen (ctx_key),
140 pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
141 label, strlen (label),
142 NULL, 0);
143 memset (ctr, 0, GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
145 GNUNET_CRYPTO_kdf (ctr, 4,
146 ctx_iv, strlen (ctx_iv),
147 pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
148 label, strlen (label),
149 NULL, 0);
151 memcpy (ctr + 4, &exp, sizeof (exp));
153 ctr[15] |= 0x01;
154}
pub
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition gnunet-scrypt.c:47
GNUNET_CRYPTO_kdf
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition crypto_kdf.c:62
GNUNET_CRYPTO_EcdsaPublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
Definition gnunet_crypto_lib.h:217

References GNUNET_CRYPTO_AES_KEY_LENGTH, GNUNET_CRYPTO_kdf(), key, and pub.

Referenced by block_create_ecdsa(), block_decrypt_ecdsa(), and run_pkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNR_derive_block_xsalsa_key()

void GNR_derive_block_xsalsa_key ( unsigned char *  nonce,
unsigned char *  key,
const char *  label,
uint64_t  exp,
const struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Derive session key and iv from label and public key.

Parameters
nonceinitialization vector to initialize
skeysession key to initialize
labellabel to use for KDF
pubpublic key to use for KDF

16 byte nonce

Expiration time 64 bit.

Definition at line 158 of file gnsrecord_crypto.c.

163{
164 static const char ctx_key[] = "gns-xsalsa-ctx-key";
165 static const char ctx_iv[] = "gns-xsalsa-ctx-iv";
166
167 GNUNET_CRYPTO_kdf (key, crypto_secretbox_KEYBYTES,
168 ctx_key, strlen (ctx_key),
169 pub, sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
170 label, strlen (label),
171 NULL, 0);
172 memset (nonce, 0, crypto_secretbox_NONCEBYTES);
174 GNUNET_CRYPTO_kdf (nonce, (crypto_secretbox_NONCEBYTES - sizeof (exp)),
175 ctx_iv, strlen (ctx_iv),
176 pub, sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
177 label, strlen (label),
178 NULL, 0);
180 memcpy (nonce + (crypto_secretbox_NONCEBYTES - sizeof (exp)),
181 &exp, sizeof (exp));
182}
GNUNET_CRYPTO_EddsaPublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition gnunet_crypto_lib.h:202

References GNUNET_CRYPTO_kdf(), key, and pub.

Referenced by block_create_eddsa(), block_decrypt_eddsa(), and run_edkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_get_size_ecdsa()

static ssize_t block_get_size_ecdsa ( const struct GNUNET_GNSRECORD_Data rd,
unsigned int  rd_count 
)
static

Definition at line 186 of file gnsrecord_crypto.c.

188{
189 ssize_t len;
190
191 len = GNUNET_GNSRECORD_records_get_size (rd_count, rd);
192 if (len < 0)
193 return -1;
194 len += sizeof(struct GNUNET_GNSRECORD_Block);
195 return len;
196}
rd_count
static unsigned int rd_count
Number of records for currently parsed set.
Definition gnunet-namestore-zonefile.c:241
rd
static struct GNUNET_GNSRECORD_Data rd[50]
The record data under a single label.
Definition gnunet-namestore-zonefile.c:226
GNUNET_GNSRECORD_records_get_size
ssize_t GNUNET_GNSRECORD_records_get_size(unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd)
Calculate how many bytes we will need to serialize the given records.
Definition gnsrecord_serialization.c:78
GNUNET_GNSRECORD_Block
Definition gnunet_gnsrecord_lib.h:284

References GNUNET_GNSRECORD_records_get_size(), rd, and rd_count.

Referenced by GNUNET_GNSRECORD_block_calculate_size().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_sign_ecdsa()

static enum GNUNET_GenericReturnValue block_sign_ecdsa ( const struct GNUNET_CRYPTO_EcdsaPrivateKey key,
const struct GNUNET_CRYPTO_EcdsaPublicKey pkey,
const char *  label,
struct GNUNET_GNSRECORD_Block block 
)
static

Definition at line 200 of file gnsrecord_crypto.c.

206{
207 struct GNRBlockPS *gnr_block;
208 struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
209 size_t size = ntohl (block->size) - sizeof (*block) + sizeof (*gnr_block);
210
211 gnr_block = GNUNET_malloc (size);
212 ecblock = &(block)->ecdsa_block;
213 gnr_block->purpose.size = htonl (size);
214 gnr_block->purpose.purpose =
215 htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
216 gnr_block->expiration_time = ecblock->expiration_time;
217 /* encrypt and sign */
218 GNUNET_memcpy (&gnr_block[1], &ecblock[1],
219 size - sizeof (*gnr_block));
220 GNUNET_CRYPTO_ecdsa_public_key_derive (pkey,
221 label,
222 "gns",
223 &ecblock->derived_key);
224 if (GNUNET_OK !=
225 GNUNET_CRYPTO_ecdsa_sign_derived (key,
226 label,
227 "gns",
228 &gnr_block->purpose,
229 &ecblock->signature))
230 {
231 GNUNET_break (0);
232 GNUNET_free (gnr_block);
233 return GNUNET_SYSERR;
234 }
235 GNUNET_free (gnr_block);
236 return GNUNET_OK;
237}
pkey
static char * pkey
Public key of the zone to look in, in ASCII.
Definition gnunet-namecache.c:58
GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN
#define GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN
GNS record set signature (GNS)
Definition gnunet_signatures.h:124
GNUNET_CRYPTO_ecdsa_public_key_derive
void GNUNET_CRYPTO_ecdsa_public_key_derive(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
Derive a public key from a given public key and a label.
Definition crypto_ecc_gnsrecord.c:247
GNUNET_CRYPTO_ecdsa_sign_derived
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_derived(const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, const char *label, const char *context, const struct GNUNET_CRYPTO_SignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
This is a signature function for ECDSA which takes a private key, derives/blinds it and signs the mes...
Definition crypto_ecc_gnsrecord.c:181
GNUNET_memcpy
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
Definition gnunet_common.h:1320
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Definition gnunet_common.h:1045
GNUNET_malloc
#define GNUNET_malloc(size)
Wrapper around malloc.
Definition gnunet_common.h:1355
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition gnunet_common.h:1415
GNRBlockPS
Information we have in an encrypted block with record data (i.e.
Definition gnsrecord_crypto.h:39
GNRBlockPS::expiration_time
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
Definition gnsrecord_crypto.h:49
GNRBlockPS::purpose
struct GNUNET_CRYPTO_SignaturePurpose purpose
Number of bytes signed; also specifies the number of bytes of encrypted data that follow.
Definition gnsrecord_crypto.h:44
GNUNET_CRYPTO_SignaturePurpose::purpose
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Definition gnunet_crypto_lib.h:156
GNUNET_CRYPTO_SignaturePurpose::size
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!...
Definition gnunet_crypto_lib.h:148
GNUNET_GNSRECORD_Block::size
uint32_t size
Size of the block.
Definition gnunet_gnsrecord_lib.h:288
GNUNET_GNSRECORD_EcdsaBlock
Information we have in an encrypted block with record data (i.e.
Definition gnunet_gnsrecord_lib.h:238
GNUNET_GNSRECORD_EcdsaBlock::signature
struct GNUNET_CRYPTO_EcdsaSignature signature
Signature of the block.
Definition gnunet_gnsrecord_lib.h:247
GNUNET_GNSRECORD_EcdsaBlock::expiration_time
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
Definition gnunet_gnsrecord_lib.h:252
GNUNET_GNSRECORD_EcdsaBlock::derived_key
struct GNUNET_CRYPTO_EcdsaPublicKey derived_key
Derived key used for signing; hash of this is the query.
Definition gnunet_gnsrecord_lib.h:242

References GNUNET_GNSRECORD_EcdsaBlock::derived_key, GNUNET_GNSRECORD_EcdsaBlock::expiration_time, GNRBlockPS::expiration_time, GNUNET_break, GNUNET_CRYPTO_ecdsa_public_key_derive(), GNUNET_CRYPTO_ecdsa_sign_derived(), GNUNET_free, GNUNET_malloc, GNUNET_memcpy, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, GNUNET_SYSERR, key, pkey, GNUNET_CRYPTO_SignaturePurpose::purpose, GNRBlockPS::purpose, GNUNET_GNSRECORD_EcdsaBlock::signature, GNUNET_CRYPTO_SignaturePurpose::size, GNUNET_GNSRECORD_Block::size, and size.

Referenced by block_create_ecdsa(), and GNUNET_GNSRECORD_block_sign().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_sign_eddsa()

static enum GNUNET_GenericReturnValue block_sign_eddsa ( const struct GNUNET_CRYPTO_EddsaPrivateKey key,
const struct GNUNET_CRYPTO_EddsaPublicKey pkey,
const char *  label,
struct GNUNET_GNSRECORD_Block block 
)
static

Definition at line 241 of file gnsrecord_crypto.c.

247{
248 struct GNRBlockPS *gnr_block;
249 struct GNUNET_GNSRECORD_EddsaBlock *edblock;
250 size_t size = ntohl (block->size) - sizeof (*block) + sizeof (*gnr_block);
251 gnr_block = GNUNET_malloc (size);
252 edblock = &(block)->eddsa_block;
253 gnr_block->purpose.size = htonl (size);
254 gnr_block->purpose.purpose =
255 htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
256 gnr_block->expiration_time = edblock->expiration_time;
257 GNUNET_memcpy (&gnr_block[1], &edblock[1],
258 size - sizeof (*gnr_block));
259 /* encrypt and sign */
260 GNUNET_CRYPTO_eddsa_public_key_derive (pkey,
261 label,
262 "gns",
263 &edblock->derived_key);
264 GNUNET_CRYPTO_eddsa_sign_derived (key,
265 label,
266 "gns",
267 &gnr_block->purpose,
268 &edblock->signature);
269 GNUNET_free (gnr_block);
270 return GNUNET_OK;
271}
GNUNET_CRYPTO_eddsa_public_key_derive
void GNUNET_CRYPTO_eddsa_public_key_derive(const struct GNUNET_CRYPTO_EddsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPublicKey *result)
Derive a public key from a given public key and a label.
Definition crypto_ecc_gnsrecord.c:388
GNUNET_CRYPTO_eddsa_sign_derived
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_derived(const struct GNUNET_CRYPTO_EddsaPrivateKey *pkey, const char *label, const char *context, const struct GNUNET_CRYPTO_SignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
This is a signature function for EdDSA which takes a private key and derives it using the label and c...
Definition crypto_ecc_gnsrecord.c:78
GNUNET_GNSRECORD_EddsaBlock
Information we have in an encrypted block with record data (i.e.
Definition gnunet_gnsrecord_lib.h:262
GNUNET_GNSRECORD_EddsaBlock::derived_key
struct GNUNET_CRYPTO_EddsaPublicKey derived_key
Derived key used for signing; hash of this is the query.
Definition gnunet_gnsrecord_lib.h:266
GNUNET_GNSRECORD_EddsaBlock::expiration_time
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
Definition gnunet_gnsrecord_lib.h:276
GNUNET_GNSRECORD_EddsaBlock::signature
struct GNUNET_CRYPTO_EddsaSignature signature
Signature of the block.
Definition gnunet_gnsrecord_lib.h:271

References GNUNET_GNSRECORD_EddsaBlock::derived_key, GNUNET_GNSRECORD_EddsaBlock::expiration_time, GNRBlockPS::expiration_time, GNUNET_CRYPTO_eddsa_public_key_derive(), GNUNET_CRYPTO_eddsa_sign_derived(), GNUNET_free, GNUNET_malloc, GNUNET_memcpy, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, key, pkey, GNUNET_CRYPTO_SignaturePurpose::purpose, GNRBlockPS::purpose, GNUNET_GNSRECORD_EddsaBlock::signature, GNUNET_CRYPTO_SignaturePurpose::size, GNUNET_GNSRECORD_Block::size, and size.

Referenced by block_create_eddsa(), and GNUNET_GNSRECORD_block_sign().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_create_ecdsa()

static enum GNUNET_GenericReturnValue block_create_ecdsa ( const struct GNUNET_CRYPTO_EcdsaPrivateKey key,
const struct GNUNET_CRYPTO_EcdsaPublicKey pkey,
struct GNUNET_TIME_Absolute  expire,
const char *  label,
const struct GNUNET_GNSRECORD_Data rd,
unsigned int  rd_count,
struct GNUNET_GNSRECORD_Block **  block,
int  sign 
)
static

Sign name and records.

Parameters
keythe private key
pkeyassociated public key
expireblock expiration
labelthe name for the records
rdrecord data
rd_countnumber of records
blockthe block result. Must be allocated sufficiently.
signsign the block GNUNET_NO if block will be signed later.
Returns
GNUNET_SYSERR on error (otherwise GNUNET_OK)

Definition at line 324 of file gnsrecord_crypto.c.

332{
333 ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
334 rd);
335 struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
336 unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
337 unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH];
338 struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
339 struct GNUNET_TIME_Absolute now;
340
341 if (payload_len < 0)
342 {
343 GNUNET_break (0);
344 return GNUNET_SYSERR;
345 }
346 if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
347 {
348 GNUNET_break (0);
349 return GNUNET_SYSERR;
350 }
351 /* convert relative to absolute times */
352 now = GNUNET_TIME_absolute_get ();
353 for (unsigned int i = 0; i < rd_count; i++)
354 {
355 rdc[i] = rd[i];
356 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
357 {
358 struct GNUNET_TIME_Relative t;
359
360 /* encrypted blocks must never have relative expiration times, convert! */
361 rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
362 t.rel_value_us = rdc[i].expiration_time;
363 rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us;
364 }
365 }
366 /* serialize */
367 *block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) + payload_len);
368 (*block)->size = htonl (sizeof (struct GNUNET_GNSRECORD_Block) + payload_len);
369 {
370 char payload[payload_len];
371
372 GNUNET_assert (payload_len ==
373 GNUNET_GNSRECORD_records_serialize (rd_count,
374 rdc,
375 payload_len,
376 payload));
377 ecblock = &(*block)->ecdsa_block;
378 (*block)->type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
379 ecblock->expiration_time = GNUNET_TIME_absolute_hton (expire);
380 GNR_derive_block_aes_key (ctr,
381 skey,
382 label,
383 ecblock->expiration_time.abs_value_us__,
384 pkey);
385 GNUNET_assert (payload_len ==
386 ecdsa_symmetric_encrypt (payload,
387 payload_len,
388 skey,
389 ctr,
390 &ecblock[1]));
391 }
392 if (GNUNET_YES != sign)
393 return GNUNET_OK;
394 if (GNUNET_OK !=
395 block_sign_ecdsa (key, pkey, label, *block))
396 {
397 GNUNET_break (0);
398 GNUNET_free (*block);
399 return GNUNET_SYSERR;
400 }
401 return GNUNET_OK;
402}
block_sign_ecdsa
static enum GNUNET_GenericReturnValue block_sign_ecdsa(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, const char *label, struct GNUNET_GNSRECORD_Block *block)
Definition gnsrecord_crypto.c:200
ecdsa_symmetric_encrypt
static ssize_t ecdsa_symmetric_encrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *ctr, void *result)
Definition gnsrecord_crypto.c:61
GNR_derive_block_aes_key
void GNR_derive_block_aes_key(unsigned char *ctr, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Derive session key and iv from label and public key.
Definition gnsrecord_crypto.c:129
GNUNET_GNSRECORD_TYPE_PKEY
#define GNUNET_GNSRECORD_TYPE_PKEY
WARNING: This header is generated! In order to add GNS record types, you must register them in GANA,...
Definition gnu_name_system_record_types.h:43
expire
static char * expire
DID Document expiration Date Attribute String.
Definition gnunet-did.c:98
t
static struct GNUNET_SCHEDULER_Task * t
Main task.
Definition gnunet-namestore-zonefile.c:302
payload
static unsigned long long payload
How much data are we currently storing in the database?
Definition gnunet-service-datastore.c:183
GNUNET_GNSRECORD_MAX_BLOCK_SIZE
#define GNUNET_GNSRECORD_MAX_BLOCK_SIZE
Maximum size of a value that can be stored in a GNS block.
Definition gnunet_gnsrecord_lib.h:60
GNUNET_GNSRECORD_records_serialize
ssize_t GNUNET_GNSRECORD_records_serialize(unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd, size_t dest_size, char *dest)
Serialize the given records to the given destination buffer.
Definition gnsrecord_serialization.c:136
GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION
@ GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION
This expiration time of the record is a relative time (not an absolute time).
Definition gnunet_gnsrecord_lib.h:132
GNUNET_NZL
#define GNUNET_NZL(l)
Macro used to avoid using 0 for the length of a variable-size array (Non-Zero-Length).
Definition gnunet_common.h:235
GNUNET_YES
@ GNUNET_YES
Definition gnunet_common.h:116
GNUNET_TIME_absolute_get
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition time.c:111
GNUNET_TIME_absolute_add
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
Definition time.c:452
GNUNET_TIME_absolute_hton
struct GNUNET_TIME_AbsoluteNBO GNUNET_TIME_absolute_hton(struct GNUNET_TIME_Absolute a)
Convert absolute time to network byte order.
Definition time.c:636
GNUNET_GNSRECORD_Data
A GNS record.
Definition gnunet_gnsrecord_lib.h:177
GNUNET_TIME_AbsoluteNBO::abs_value_us__
uint64_t abs_value_us__
The actual value (in network byte order).
Definition gnunet_time_lib.h:111
GNUNET_TIME_Absolute
Time for absolute times used by GNUnet, in microseconds.
Definition gnunet_time_lib.h:54
GNUNET_TIME_Absolute::abs_value_us
uint64_t abs_value_us
The actual value.
Definition gnunet_time_lib.h:59
GNUNET_TIME_Relative
Time for relative time used by GNUnet, in microseconds.
Definition gnunet_time_lib.h:79

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_TIME_AbsoluteNBO::abs_value_us__, block_sign_ecdsa(), ecdsa_symmetric_encrypt(), GNUNET_GNSRECORD_Data::expiration_time, GNUNET_GNSRECORD_EcdsaBlock::expiration_time, expire, GNUNET_GNSRECORD_Data::flags, GNR_derive_block_aes_key(), GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_AES_KEY_LENGTH, GNUNET_free, GNUNET_GNSRECORD_MAX_BLOCK_SIZE, GNUNET_GNSRECORD_records_get_size(), GNUNET_GNSRECORD_records_serialize(), GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION, GNUNET_GNSRECORD_TYPE_PKEY, GNUNET_malloc, GNUNET_NZL, GNUNET_OK, GNUNET_SYSERR, GNUNET_TIME_absolute_add(), GNUNET_TIME_absolute_get(), GNUNET_TIME_absolute_hton(), GNUNET_YES, key, payload, pkey, rd, rd_count, and t.

Referenced by block_create2(), and GNUNET_GNSRECORD_block_create().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_get_size_eddsa()

static ssize_t block_get_size_eddsa ( const struct GNUNET_GNSRECORD_Data rd,
unsigned int  rd_count 
)
static

Definition at line 406 of file gnsrecord_crypto.c.

408{
409 ssize_t len;
410
411 len = GNUNET_GNSRECORD_records_get_size (rd_count, rd);
412 if (len < 0)
413 return -1;
414 len += sizeof(struct GNUNET_GNSRECORD_Block);
415 len += crypto_secretbox_MACBYTES;
416 return len;
417}

References GNUNET_GNSRECORD_records_get_size(), rd, and rd_count.

Referenced by GNUNET_GNSRECORD_block_calculate_size().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_create_eddsa()

static enum GNUNET_GenericReturnValue block_create_eddsa ( const struct GNUNET_CRYPTO_EddsaPrivateKey key,
const struct GNUNET_CRYPTO_EddsaPublicKey pkey,
struct GNUNET_TIME_Absolute  expire,
const char *  label,
const struct GNUNET_GNSRECORD_Data rd,
unsigned int  rd_count,
struct GNUNET_GNSRECORD_Block **  block,
int  sign 
)
static

Sign name and records (EDDSA version)

Parameters
keythe private key
pkeyassociated public key
expireblock expiration
labelthe name for the records
rdrecord data
rd_countnumber of records
blockwhere to store the block. Must be allocated sufficiently.
signGNUNET_YES if block shall be signed as well
Returns
GNUNET_SYSERR on error (otherwise GNUNET_OK)

Definition at line 434 of file gnsrecord_crypto.c.

442{
443 ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
444 rd);
445 struct GNUNET_GNSRECORD_EddsaBlock *edblock;
446 unsigned char nonce[crypto_secretbox_NONCEBYTES];
447 unsigned char skey[crypto_secretbox_KEYBYTES];
448 struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
449 struct GNUNET_TIME_Absolute now;
450
451 if (payload_len < 0)
452 {
453 GNUNET_break (0);
454 return GNUNET_SYSERR;
455 }
456 if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
457 {
458 GNUNET_break (0);
459 return GNUNET_SYSERR;
460 }
461 /* convert relative to absolute times */
462 now = GNUNET_TIME_absolute_get ();
463 for (unsigned int i = 0; i < rd_count; i++)
464 {
465 rdc[i] = rd[i];
466 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
467 {
468 struct GNUNET_TIME_Relative t;
469
470 /* encrypted blocks must never have relative expiration times, convert! */
471 rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
472 t.rel_value_us = rdc[i].expiration_time;
473 rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us;
474 }
475 }
476 /* serialize */
477 *block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block)
478 + payload_len + crypto_secretbox_MACBYTES);
479 (*block)->size = htonl (sizeof (struct GNUNET_GNSRECORD_Block)
480 + payload_len + crypto_secretbox_MACBYTES);
481 {
482 char payload[payload_len];
483
484 GNUNET_assert (payload_len ==
485 GNUNET_GNSRECORD_records_serialize (rd_count,
486 rdc,
487 payload_len,
488 payload));
489 edblock = &(*block)->eddsa_block;
490 (*block)->type = htonl (GNUNET_GNSRECORD_TYPE_EDKEY);
491 edblock->expiration_time = GNUNET_TIME_absolute_hton (expire);
492 GNR_derive_block_xsalsa_key (nonce,
493 skey,
494 label,
495 edblock->expiration_time.abs_value_us__,
496 pkey);
497 GNUNET_assert (GNUNET_OK ==
498 eddsa_symmetric_encrypt (payload,
499 payload_len,
500 skey,
501 nonce,
502 &edblock[1]));
503 if (GNUNET_YES != sign)
504 return GNUNET_OK;
505 block_sign_eddsa (key, pkey, label, *block);
506 }
507 return GNUNET_OK;
508}
GNR_derive_block_xsalsa_key
void GNR_derive_block_xsalsa_key(unsigned char *nonce, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Derive session key and iv from label and public key.
Definition gnsrecord_crypto.c:158
eddsa_symmetric_encrypt
static enum GNUNET_GenericReturnValue eddsa_symmetric_encrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *nonce, void *result)
Definition gnsrecord_crypto.c:112
block_sign_eddsa
static enum GNUNET_GenericReturnValue block_sign_eddsa(const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, const char *label, struct GNUNET_GNSRECORD_Block *block)
Definition gnsrecord_crypto.c:241
GNUNET_GNSRECORD_TYPE_EDKEY
#define GNUNET_GNSRECORD_TYPE_EDKEY
GNS zone delegation (EDKEY)
Definition gnu_name_system_record_types.h:157

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_TIME_AbsoluteNBO::abs_value_us__, block_sign_eddsa(), eddsa_symmetric_encrypt(), GNUNET_GNSRECORD_Data::expiration_time, GNUNET_GNSRECORD_EddsaBlock::expiration_time, expire, GNUNET_GNSRECORD_Data::flags, GNR_derive_block_xsalsa_key(), GNUNET_assert, GNUNET_break, GNUNET_GNSRECORD_MAX_BLOCK_SIZE, GNUNET_GNSRECORD_records_get_size(), GNUNET_GNSRECORD_records_serialize(), GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION, GNUNET_GNSRECORD_TYPE_EDKEY, GNUNET_malloc, GNUNET_NZL, GNUNET_OK, GNUNET_SYSERR, GNUNET_TIME_absolute_add(), GNUNET_TIME_absolute_get(), GNUNET_TIME_absolute_hton(), GNUNET_YES, key, payload, pkey, rd, rd_count, and t.

Referenced by block_create2(), and GNUNET_GNSRECORD_block_create().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_create2()

static enum GNUNET_GenericReturnValue block_create2 ( const struct GNUNET_CRYPTO_BlindablePrivateKey pkey,
struct GNUNET_TIME_Absolute  expire,
const char *  label,
const struct GNUNET_GNSRECORD_Data rd,
unsigned int  rd_count,
struct GNUNET_GNSRECORD_Block **  result,
int  sign 
)
static

Definition at line 603 of file gnsrecord_crypto.c.

610{
611 const struct GNUNET_CRYPTO_EcdsaPrivateKey *key;
612 struct GNUNET_CRYPTO_EddsaPublicKey edpubkey;
613 enum GNUNET_GenericReturnValue res = GNUNET_SYSERR;
614 char *norm_label;
615#define CSIZE 64
616 static struct KeyCacheLine cache[CSIZE];
617 struct KeyCacheLine *line;
618
619 norm_label = GNUNET_GNSRECORD_string_normalize (label);
620
621 if (GNUNET_PUBLIC_KEY_TYPE_ECDSA == ntohl (pkey->type))
622 {
623 key = &pkey->ecdsa_key;
624
625 line = &cache[(*(unsigned int *) key) % CSIZE];
626 if (0 != memcmp (&line->key,
627 key,
628 sizeof(*key)))
629 {
630 /* cache miss, recompute */
631 line->key = *key;
632 GNUNET_CRYPTO_ecdsa_key_get_public (key,
633 &line->pkey);
634 }
635 res = block_create_ecdsa (key,
636 &line->pkey,
637 expire,
638 norm_label,
639 rd,
640 rd_count,
641 result,
642 sign);
643 }
644 else if (GNUNET_PUBLIC_KEY_TYPE_EDDSA == ntohl (pkey->type))
645 {
646 GNUNET_CRYPTO_eddsa_key_get_public (&pkey->eddsa_key,
647 &edpubkey);
648 res = block_create_eddsa (&pkey->eddsa_key,
649 &edpubkey,
650 expire,
651 norm_label,
652 rd,
653 rd_count,
654 result,
655 sign);
656 }
657#undef CSIZE
658 GNUNET_free (norm_label);
659 return res;
660}
block_create_ecdsa
static enum GNUNET_GenericReturnValue block_create_ecdsa(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **block, int sign)
Sign name and records.
Definition gnsrecord_crypto.c:324
block_create_eddsa
static enum GNUNET_GenericReturnValue block_create_eddsa(const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **block, int sign)
Sign name and records (EDDSA version)
Definition gnsrecord_crypto.c:434
CSIZE
#define CSIZE
line
static char * line
Desired phone line (string to be converted to a hash).
Definition gnunet-conversation.c:155
res
static char * res
Currently read line or NULL on EOF.
Definition gnunet-namestore-zonefile.c:256
GNUNET_CRYPTO_eddsa_key_get_public
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition crypto_ecc.c:201
GNUNET_CRYPTO_ecdsa_key_get_public
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition crypto_ecc.c:190
GNUNET_GNSRECORD_string_normalize
char * GNUNET_GNSRECORD_string_normalize(const char *src)
Normalize a UTF-8 string to a GNS name.
Definition gnsrecord_misc.c:36
GNUNET_GenericReturnValue
GNUNET_GenericReturnValue
Named constants for return values.
Definition gnunet_common.h:111
GNUNET_PUBLIC_KEY_TYPE_EDDSA
@ GNUNET_PUBLIC_KEY_TYPE_EDDSA
EDDSA identity.
Definition gnunet_crypto_lib.h:391
GNUNET_PUBLIC_KEY_TYPE_ECDSA
@ GNUNET_PUBLIC_KEY_TYPE_ECDSA
The identity type.
Definition gnunet_crypto_lib.h:385
GNUNET_CRYPTO_EcdsaPrivateKey
Private ECC key encoded for transmission.
Definition gnunet_crypto_lib.h:266
KeyCacheLine
Line in cache mapping private keys to public keys.
Definition gnsrecord_crypto.c:589

References block_create_ecdsa(), block_create_eddsa(), CSIZE, expire, GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_free, GNUNET_GNSRECORD_string_normalize(), GNUNET_PUBLIC_KEY_TYPE_ECDSA, GNUNET_PUBLIC_KEY_TYPE_EDDSA, GNUNET_SYSERR, key, KeyCacheLine::key, line, pkey, rd, rd_count, res, and result.

Referenced by GNUNET_GNSRECORD_block_create2(), and GNUNET_GNSRECORD_block_create_unsigned().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_decrypt_ecdsa()

static enum GNUNET_GenericReturnValue block_decrypt_ecdsa ( const struct GNUNET_GNSRECORD_Block block,
const struct GNUNET_CRYPTO_EcdsaPublicKey zone_key,
const char *  label,
GNUNET_GNSRECORD_RecordCallback  proc,
void *  proc_cls 
)
static

Definition at line 736 of file gnsrecord_crypto.c.

742{
743 size_t payload_len = ntohl (block->size) - sizeof (struct
744 GNUNET_GNSRECORD_Block);
745 unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
746 unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
747
748 if (ntohl (block->size) <
749 sizeof(struct GNUNET_CRYPTO_SignaturePurpose)
750 + sizeof(struct GNUNET_TIME_AbsoluteNBO))
751 {
752 GNUNET_break_op (0);
753 return GNUNET_SYSERR;
754 }
755 GNR_derive_block_aes_key (ctr,
756 key,
757 label,
758 block->ecdsa_block.expiration_time.abs_value_us__,
759 zone_key);
760 {
761 char payload[payload_len];
762 unsigned int rd_count;
763
764 GNUNET_assert (payload_len ==
765 ecdsa_symmetric_decrypt (&block[1], payload_len,
766 key, ctr,
767 payload));
768 rd_count = GNUNET_GNSRECORD_records_deserialize_get_size (payload_len,
769 payload);
770 if (rd_count > 2048)
771 {
772 /* limit to sane value */
773 GNUNET_break_op (0);
774 return GNUNET_SYSERR;
775 }
776 {
777 struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)];
778 unsigned int j;
779 struct GNUNET_TIME_Absolute now;
780
781 if (GNUNET_OK !=
782 GNUNET_GNSRECORD_records_deserialize (payload_len,
783 payload,
784 rd_count,
785 rd))
786 {
787 GNUNET_break_op (0);
788 return GNUNET_SYSERR;
789 }
790 /* hide expired records */
791 now = GNUNET_TIME_absolute_get ();
792 j = 0;
793 for (unsigned int i = 0; i < rd_count; i++)
794 {
795 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
796 {
797 /* encrypted blocks must never have relative expiration times, skip! */
798 GNUNET_break_op (0);
799 continue;
800 }
801
802 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW))
803 {
804 int include_record = GNUNET_YES;
805 /* Shadow record, figure out if we have a not expired active record */
806 for (unsigned int k = 0; k < rd_count; k++)
807 {
808 if (k == i)
809 continue;
810 if (rd[i].expiration_time < now.abs_value_us)
811 include_record = GNUNET_NO; /* Shadow record is expired */
812 if ((rd[k].record_type == rd[i].record_type) &&
813 (rd[k].expiration_time >= now.abs_value_us) &&
814 (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW)))
815 {
816 include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
817 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
818 "Ignoring shadow record\n");
819 break;
820 }
821 }
822 if (GNUNET_YES == include_record)
823 {
824 rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW; /* Remove Flag */
825 if (j != i)
826 rd[j] = rd[i];
827 j++;
828 }
829 }
830 else if (rd[i].expiration_time >= now.abs_value_us)
831 {
832 /* Include this record */
833 if (j != i)
834 rd[j] = rd[i];
835 j++;
836 }
837 else
838 {
839 struct GNUNET_TIME_Absolute at;
840
841 at.abs_value_us = rd[i].expiration_time;
842 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
843 "Excluding record that expired %s (%llu ago)\n",
844 GNUNET_STRINGS_absolute_time_to_string (at),
845 (unsigned long long) rd[i].expiration_time
846 - now.abs_value_us);
847 }
848 }
849 rd_count = j;
850 if (NULL != proc)
851 proc (proc_cls,
852 rd_count,
853 (0 != rd_count) ? rd : NULL);
854 }
855 }
856 return GNUNET_OK;
857}
ecdsa_symmetric_decrypt
static ssize_t ecdsa_symmetric_decrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *ctr, void *result)
Definition gnsrecord_crypto.c:34
GNUNET_GNSRECORD_records_deserialize
int GNUNET_GNSRECORD_records_deserialize(size_t len, const char *src, unsigned int rd_count, struct GNUNET_GNSRECORD_Data *dest)
Deserialize the given records to the given destination.
Definition gnsrecord_serialization.c:244
GNUNET_GNSRECORD_records_deserialize_get_size
unsigned int GNUNET_GNSRECORD_records_deserialize_get_size(size_t len, const char *src)
Definition gnsrecord_serialization.c:199
GNUNET_GNSRECORD_RF_SHADOW
@ GNUNET_GNSRECORD_RF_SHADOW
This record should not be used unless all (other) records in the set with an absolute expiration time...
Definition gnunet_gnsrecord_lib.h:116
GNUNET_log
#define GNUNET_log(kind,...)
Definition gnunet_common.h:551
GNUNET_NO
@ GNUNET_NO
Definition gnunet_common.h:113
GNUNET_break_op
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
Definition gnunet_common.h:1067
GNUNET_ERROR_TYPE_INFO
@ GNUNET_ERROR_TYPE_INFO
Definition gnunet_common.h:423
GNUNET_STRINGS_absolute_time_to_string
const char * GNUNET_STRINGS_absolute_time_to_string(struct GNUNET_TIME_Absolute t)
Like asctime, except for GNUnet time.
Definition strings.c:660
GNUNET_CRYPTO_SignaturePurpose
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Definition gnunet_crypto_lib.h:142
GNUNET_GNSRECORD_Block::ecdsa_block
struct GNUNET_GNSRECORD_EcdsaBlock ecdsa_block
Definition gnunet_gnsrecord_lib.h:297
GNUNET_GNSRECORD_Data::flags
enum GNUNET_GNSRECORD_Flags flags
Flags for the record.
Definition gnunet_gnsrecord_lib.h:205
GNUNET_GNSRECORD_Data::expiration_time
uint64_t expiration_time
Expiration time for the DNS record.
Definition gnunet_gnsrecord_lib.h:190
GNUNET_TIME_AbsoluteNBO
Time for absolute time used by GNUnet, in microseconds and in network byte order.
Definition gnunet_time_lib.h:106

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_TIME_AbsoluteNBO::abs_value_us__, GNUNET_GNSRECORD_Block::ecdsa_block, ecdsa_symmetric_decrypt(), GNUNET_GNSRECORD_Data::expiration_time, GNUNET_GNSRECORD_EcdsaBlock::expiration_time, GNUNET_GNSRECORD_Data::flags, GNR_derive_block_aes_key(), GNUNET_assert, GNUNET_break_op, GNUNET_CRYPTO_AES_KEY_LENGTH, GNUNET_ERROR_TYPE_INFO, GNUNET_GNSRECORD_records_deserialize(), GNUNET_GNSRECORD_records_deserialize_get_size(), GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION, GNUNET_GNSRECORD_RF_SHADOW, GNUNET_log, GNUNET_NO, GNUNET_NZL, GNUNET_OK, GNUNET_STRINGS_absolute_time_to_string(), GNUNET_SYSERR, GNUNET_TIME_absolute_get(), GNUNET_YES, key, payload, rd, rd_count, and GNUNET_GNSRECORD_Block::size.

Referenced by GNUNET_GNSRECORD_block_decrypt().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_decrypt_eddsa()

static enum GNUNET_GenericReturnValue block_decrypt_eddsa ( const struct GNUNET_GNSRECORD_Block block,
const struct GNUNET_CRYPTO_EddsaPublicKey zone_key,
const char *  label,
GNUNET_GNSRECORD_RecordCallback  proc,
void *  proc_cls 
)
static

Definition at line 861 of file gnsrecord_crypto.c.

867{
868 size_t payload_len = ntohl (block->size) - sizeof (struct
869 GNUNET_GNSRECORD_Block);
870 unsigned char nonce[crypto_secretbox_NONCEBYTES];
871 unsigned char key[crypto_secretbox_KEYBYTES];
872
873 if (ntohl (block->size) <
874 sizeof(struct GNUNET_CRYPTO_SignaturePurpose)
875 + sizeof(struct GNUNET_TIME_AbsoluteNBO))
876 {
877 GNUNET_break_op (0);
878 return GNUNET_SYSERR;
879 }
880 GNR_derive_block_xsalsa_key (nonce,
881 key,
882 label,
883 block->eddsa_block.expiration_time.abs_value_us__
884 ,
885 zone_key);
886 {
887 char payload[payload_len];
888 unsigned int rd_count;
889
890 GNUNET_assert (GNUNET_OK ==
891 eddsa_symmetric_decrypt (&block[1], payload_len,
892 key, nonce,
893 payload));
894 payload_len -= crypto_secretbox_MACBYTES;
895 rd_count = GNUNET_GNSRECORD_records_deserialize_get_size (payload_len,
896 payload);
897 if (rd_count > 2048)
898 {
899 /* limit to sane value */
900 GNUNET_break_op (0);
901 return GNUNET_SYSERR;
902 }
903 {
904 struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)];
905 unsigned int j;
906 struct GNUNET_TIME_Absolute now;
907
908 if (GNUNET_OK !=
909 GNUNET_GNSRECORD_records_deserialize (payload_len,
910 payload,
911 rd_count,
912 rd))
913 {
914 GNUNET_break_op (0);
915 return GNUNET_SYSERR;
916 }
917 /* hide expired records */
918 now = GNUNET_TIME_absolute_get ();
919 j = 0;
920 for (unsigned int i = 0; i < rd_count; i++)
921 {
922 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
923 {
924 /* encrypted blocks must never have relative expiration times, skip! */
925 GNUNET_break_op (0);
926 continue;
927 }
928
929 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW))
930 {
931 int include_record = GNUNET_YES;
932 /* Shadow record, figure out if we have a not expired active record */
933 for (unsigned int k = 0; k < rd_count; k++)
934 {
935 if (k == i)
936 continue;
937 if (rd[i].expiration_time < now.abs_value_us)
938 include_record = GNUNET_NO; /* Shadow record is expired */
939 if ((rd[k].record_type == rd[i].record_type) &&
940 (rd[k].expiration_time >= now.abs_value_us) &&
941 (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW)))
942 {
943 include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
944 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
945 "Ignoring shadow record\n");
946 break;
947 }
948 }
949 if (GNUNET_YES == include_record)
950 {
951 rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW; /* Remove Flag */
952 if (j != i)
953 rd[j] = rd[i];
954 j++;
955 }
956 }
957 else if (rd[i].expiration_time >= now.abs_value_us)
958 {
959 /* Include this record */
960 if (j != i)
961 rd[j] = rd[i];
962 j++;
963 }
964 else
965 {
966 struct GNUNET_TIME_Absolute at;
967
968 at.abs_value_us = rd[i].expiration_time;
969 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
970 "Excluding record that expired %s (%llu ago)\n",
971 GNUNET_STRINGS_absolute_time_to_string (at),
972 (unsigned long long) rd[i].expiration_time
973 - now.abs_value_us);
974 }
975 }
976 rd_count = j;
977 if (NULL != proc)
978 proc (proc_cls,
979 rd_count,
980 (0 != rd_count) ? rd : NULL);
981 }
982 }
983 return GNUNET_OK;
984}
eddsa_symmetric_decrypt
static enum GNUNET_GenericReturnValue eddsa_symmetric_decrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *nonce, void *result)
Definition gnsrecord_crypto.c:88
GNUNET_GNSRECORD_Block::eddsa_block
struct GNUNET_GNSRECORD_EddsaBlock eddsa_block
Definition gnunet_gnsrecord_lib.h:298

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_TIME_AbsoluteNBO::abs_value_us__, GNUNET_GNSRECORD_Block::eddsa_block, eddsa_symmetric_decrypt(), GNUNET_GNSRECORD_Data::expiration_time, GNUNET_GNSRECORD_EddsaBlock::expiration_time, GNUNET_GNSRECORD_Data::flags, GNR_derive_block_xsalsa_key(), GNUNET_assert, GNUNET_break_op, GNUNET_ERROR_TYPE_INFO, GNUNET_GNSRECORD_records_deserialize(), GNUNET_GNSRECORD_records_deserialize_get_size(), GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION, GNUNET_GNSRECORD_RF_SHADOW, GNUNET_log, GNUNET_NO, GNUNET_NZL, GNUNET_OK, GNUNET_STRINGS_absolute_time_to_string(), GNUNET_SYSERR, GNUNET_TIME_absolute_get(), GNUNET_YES, key, payload, rd, rd_count, and GNUNET_GNSRECORD_Block::size.

Referenced by GNUNET_GNSRECORD_block_decrypt().

Here is the call graph for this function:
Here is the caller graph for this function: